| -rw-r--r-- | setup/projects/adei/templates/01-asec-secret.yml.j2 | 40 | ||||
| -rw-r--r-- | setup/projects/adei/vars/apps.yml | 1 | ||||
| -rw-r--r-- | setup/projects/adei/vars/asec.yml | 46 | ||||
| -rw-r--r-- | setup/projects/adei/vars/phpmyadmin.yml | 2 | ||||
| -rw-r--r-- | setup/projects/adei/vars/script.yml | 2 | ||||
| -rw-r--r-- | setup/projects/adei/vars/volumes.yml | 8 | 
6 files changed, 98 insertions, 1 deletions
|
diff --git a/setup/projects/adei/templates/01-asec-secret.yml.j2 b/setup/projects/adei/templates/01-asec-secret.yml.j2
new file mode 100644
index 0000000..17272aa
--- /dev/null
+++ b/setup/projects/adei/templates/01-asec-secret.yml.j2
@@ -0,0 +1,40 @@
+apiVersion: v1
+kind: Template
+metadata:
+  name: asec-secret
+  labels:
+    app: asec
+  annotations:
+    descriptions: "ASEC Secrets"
+objects:
+- apiVersion: v1
+  kind: Secret
+  metadata:
+    annotations:
+      template.openshift.io/expose-asec_password: '{.data[''asec-password'']}'
+      template.openshift.io/expose-root_password: '{.data[''root-password'']}'
+      template.openshift.io/expose-service_password: '{.data[''service-password'']}'
+    name: asec
+  stringData:
+    asec-password: "${ASEC_PASSWORD}"
+    root-password: "${ROOT_PASSWORD}"
+    service-password: "${SERVICE_PASSWORD}"
+parameters:
+- description: Password for the service users
+  displayName: Service Connection Password
+  from: '[a-zA-Z0-9]{16}'
+  generate: expression
+  name: SERVICE_PASSWORD
+  required: true
+- description: Password for the asec user
+  displayName: ASEC password
+  from: '[a-zA-Z0-9]{16}'
+  generate: expression
+  name: ASEC_PASSWORD
+  required: true
+- description: Password for the root users
+  displayName: DB Admin Password
+  from: '[a-zA-Z0-9]{16}'
+  generate: expression
+  name: ROOT_PASSWORD
+  required: true
diff --git a/setup/projects/adei/vars/apps.yml b/setup/projects/adei/vars/apps.yml
index bc4ed1e..5152bde 100644
--- a/setup/projects/adei/vars/apps.yml
+++ b/setup/projects/adei/vars/apps.yml
@@ -1,5 +1,6 @@
 apps:
   mysql:                { provision: true, instantiate: true }
+  asec:                 { provision: true, instantiate: true }
   galera:               { provision: false, instantiate: false }
 #  simple_mysql:        { provision: false, instantiate: false }
   phpmyadmin:           { provision: true, instantiate: true } 
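Review bot: In 01-asec-secret.yml.j2 the three `template.openshift.io/expose-*` annotations publish root-password and service-password together with asec-password to whatever consumes the instantiated template's exposed fields. If only the application account is meant to be handed out, keep `expose-asec_password` and drop the root and service entries, or add a comment saying which consumer needs the administrative passwords. Separately, the template annotation key `descriptions` is probably meant to be `description`, which is the key OpenShift reads for a template's description.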
diff --git a/setup/projects/adei/vars/asec.yml b/setup/projects/adei/vars/asec.yml
new file mode 100644
index 0000000..b81e8e4
--- /dev/null
+++ b/setup/projects/adei/vars/asec.yml 
@@ -0,0 +1,46 @@
+asec:
+  options:
+    delete: false
+
+  pods:
+    asec_master:
+      kind: StatefulSet
+      sa: "adeidb"
+      service: { ports: [ 3306 ] }
+      network: { host: "{{ ands_hostnet_db | default(false) }}" }
+      sched: { replicas: 1, strategy: "Recreate", selector: { hostid: "3" } }
+      groups: [ "adei_asec" ]
+      labels: { 'service': 'asec-mysql' }
+      pvc: { 'asec_master': {} }
+      images:
+        - image: "chsa/mysql:5.7"
+          command: [ "run-mysqld-master" ]
+          env:
+            - { name: "MYSQL_ROOT_PASSWORD", value: "secret@asec/root-password" } 
+            - { name: "MYSQL_USER", value: "asec" }
+            - { name: "MYSQL_USER_PRIV_SUPER", value: "1" }
+            - { name: "MYSQL_PASSWORD", value: "secret@asec/asec-password" } 
+            - { name: "MYSQL_DATABASE", value: "asec" }
+            - { name: "MYSQL_EXTRADB", value: "%" }
+            - { name: "MYSQL_MASTER_USER", value: "replication" }
+            - { name: "MYSQL_MASTER_PASSWORD", value: "secret@asec/service-password" }
+            - { name: "MYSQL_PMA_PASSWORD", value: "secret@adei/pma-password" } 
+            - { name: "MYSQL_MAX_CONNECTIONS", value: "500" }
+            - { name: "MYSQL_INNODB_BUFFER_POOL_SIZE", value: "4G" }
+            - { name: "MYSQL_INNODB_BUFFER_POOL_INSTANCES", value: "8" }
+            - { name: "MYSQL_INNODB_LOG_FILE_SIZE", value: "2G" }
+            - { name: "MYSQL_INNODB_LOG_BUFFER_SIZE", value: "16M" }
+            - { name: "MYSQL_SYNC_BINLOG", value: "0" }
+            - { name: "MYSQL_BINLOG_SYNC_DELAY", value: "25000" }
+            - { name: "MYSQL_BINLOG_NODELAY_COUNT", value: "32" }
+            - { name: "MYSQL_INNODB_FLUSH_LOG_TYPE", value: "2" }
+            - { name: "MYSQL_INNODB_FLUSH_METHOD", value: "O_DIRECT" }
+            - { name: "MYSQL_INNODB_FLUSH_LOG_TIMEOUT", value: "300" }
+            - { name: "MYSQL_BINLOG_FORMAT", value: "ROW" }
+#            - { name: 
"MYSQL_BINLOG_FORMAT", value: "MIXED" }
+          mappings: 
+            - { name: "asec_master", mount: "/var/lib/mysql/data" }
+          resources: {  request: { cpu: 1000m, mem: 4Gi }, limit: { cpu: 2000m, mem: 8Gi } }
+          probes:
+            - { type: "liveness", port: 3306 }
+            - { type: "readiness", command: [ /bin/sh, -i, -c, MYSQL_PWD="$MYSQL_PASSWORD" mysql -h 127.0.0.1 -u $MYSQL_USER -D $MYSQL_DATABASE -e 'SELECT 1' ], delay: "15", timeout: "5" }
diff --git a/setup/projects/adei/vars/phpmyadmin.yml b/setup/projects/adei/vars/phpmyadmin.yml
index 7a2bc40..323ea05 100644
--- a/setup/projects/adei/vars/phpmyadmin.yml
+++ b/setup/projects/adei/vars/phpmyadmin.yml
@@ -8,7 +8,7 @@ phpmyadmin:
           env:
             - { name: "DB_SERVICE_HOST", value: "mysql-master.adei.svc.cluster.local" }
             - { name: "DB_SERVICE_PORT", value: "3306" } 
-            - { name: "DB_EXTRA_HOSTS", value: "mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local" }
+            - { name: "DB_EXTRA_HOSTS", value: "mysql-slave.adei.svc.cluster.local,mysql.katrin.svc.cluster.local,galera.adei.svc.cluster.local,asec-master.adei.svc.cluster.local,asec-slave.adei.svc.cluster.local" }
 #            - { name: "DB_SERVICE_CONTROL_USER", value: "pma" }
 #            - { name: "DB_SERVICE_CONTROL_PASSWORD", value: "secret@adei/pma-password" }
           probes:
diff --git a/setup/projects/adei/vars/script.yml b/setup/projects/adei/vars/script.yml
index a767369..7bd935c 100644
--- a/setup/projects/adei/vars/script.yml
+++ b/setup/projects/adei/vars/script.yml
@@ -8,3 +8,5 @@ oc:
   - apps: ".*" 
   - oc: "expose svc/mysql-master --type LoadBalancer --port 3306 --protocol TCP --generator service/v1 --name mysql-ingress"
     resource: "svc/mysql-ingress"
+  - oc: "expose svc/asec-master --type LoadBalancer --port 3306 --protocol TCP --generator service/v1 --name asec-ingress"
+    resource: "svc/asec-ingress" 
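Review bot: In setup/projects/adei/vars/asec.yml the application account `asec` is created with `MYSQL_USER_PRIV_SUPER` set to "1" and `MYSQL_EXTRADB` set to "%". If the chsa/mysql image maps these to the SUPER privilege and a grant on every database (the image's entrypoint is not visible here), the password handed to applications is close to equivalent to root-password. Unless a consumer needs that, drop `MYSQL_USER_PRIV_SUPER` and name the extra databases explicitly, or add a comment recording why the wide grant is required. The image is also referenced by the mutable tag `chsa/mysql:5.7`; pinning it by digest would keep a re-pushed tag from changing what runs with these secrets.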
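Review bot: In setup/projects/adei/vars/script.yml the added `expose svc/asec-master --type LoadBalancer --port 3306` entry publishes the MySQL port on a load-balancer address with no source restriction visible in this file, the same way the existing mysql-ingress entry does. If clients outside the cluster need it, consider limiting `spec.loadBalancerSourceRanges` on `svc/asec-ingress` and adding a comment naming the intended clients. If only phpMyAdmin and other in-cluster users connect, the service defined for the pod in asec.yml should already cover them and this entry can be dropped.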
diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml index 1d61230..a17cadb 100644 --- a/setup/projects/adei/vars/volumes.yml +++ b/setup/projects/adei/vars/volumes.yml @@ -2,6 +2,7 @@ gids:    adei: { id: 6001, users: [ 'csa' ]  }    adei_db: { id: 6002 }    adei_data: { id: 6003 } +  adei_asec: { id: 6005 }  volumes:    adei_host: { volume: "hostraid",  path: "/adei",       write: true }                  # mysql @@ -14,11 +15,15 @@ volumes:    adei_tmp:  { volume: "temporary", path: "/adei/tmp",   write: true }                  # per-setup temporary files    adei_log:  { volume: "temporary", path: "/adei/log",   write: true }                  # per-replica (should be fine) temporary files  #  adei_db:   { volume: "databases", path: "/adei",       write: true }                  # mysql +  sync_cfg:  { volume: "openshift", path: "/adei/sync",  write: true } +  # This is not part of volumes and the permissions should be always provisioned using files on adei_host 'osv'  local_volumes:    adei_master:  { volume: "hostraid", path: "/adei/mysql_master",       nodes: [3],            write: true }    adei_slave:   { volume: "hostraid", path: "/adei/mysql_slave",        nodes: [1, 2],         write: true } +  asec_master:  { volume: "hostraid", path: "/adei/asec_master",        nodes: [3],            write: true } +  asec_slave:   { volume: "hostraid", path: "/adei/asec_slave",         nodes: [1, 2],         write: true }    adei_galera:  { volume: "hostraid", path: "/adei/galera",                                    write: true }  files: 
@@ -37,4 +42,7 @@ files:
   - { osv: "adei_host",path: "galera",          state: "directory", group: "adei_db", mode: "02775" }
   - { osv: "adei_host",path: "mysql_master",    state: "directory", group: "adei_db", mode: "02775" }
   - { osv: "adei_host",path: "mysql_slave",     state: "directory", group: "adei_db", mode: "02775" }
+  - { osv: "adei_host",path: "asec_master",     state: "directory", group: "adei_asec", mode: "02775" }
+  - { osv: "adei_host",path: "asec_slave",      state: "directory", group: "adei_asec", mode: "02775" }
+  - { osv: "sync_cfg", path: "asec",            state: "directory", group: "adei_asec", mode: "02775" }
 #  - { osv: "adei_db",  path: "mysql",   state: "directory", group: "adei_db", mode: "02775" } | 
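Review bot: The three added `files` entries create the asec data and sync directories with mode "02775", which leaves read and traverse permission for accounts outside the `adei_asec` group. Whether the database files inside are then readable depends only on the umask of the server process. Since access is already organised through the dedicated group, `mode: "02770"` would express that intent more tightly. The existing adei_db entries use the same 02775, so this may be deliberate; if so, a short comment saying why others need access would help.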
